lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 26 Mar 2018 10:44:55 +0200
From:   Cornelia Huck <cohuck@...hat.com>
To:     Pierre Morel <pmorel@...ux.vnet.ibm.com>
Cc:     Tony Krowiak <akrowiak@...ux.vnet.ibm.com>,
        linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
        kvm@...r.kernel.org, freude@...ibm.com, schwidefsky@...ibm.com,
        heiko.carstens@...ibm.com, borntraeger@...ibm.com,
        kwankhede@...dia.com, bjsdjshi@...ux.vnet.ibm.com,
        pbonzini@...hat.com, alex.williamson@...hat.com,
        alifm@...ux.vnet.ibm.com, mjrosato@...ux.vnet.ibm.com,
        jjherne@...ux.vnet.ibm.com, thuth@...hat.com,
        pasic@...ux.vnet.ibm.com, berrange@...hat.com,
        fiuczy@...ux.vnet.ibm.com, buendgen@...ibm.com
Subject: Re: [PATCH v3 01/14] KVM: s390: refactor crypto initialization

On Thu, 15 Mar 2018 15:55:39 +0100
Pierre Morel <pmorel@...ux.vnet.ibm.com> wrote:

> On 15/03/2018 15:48, Tony Krowiak wrote:
> > On 03/15/2018 08:26 AM, Pierre Morel wrote:  
> >> On 14/03/2018 19:25, Tony Krowiak wrote:  

> >>> diff --git a/arch/s390/kvm/Kconfig b/arch/s390/kvm/Kconfig
> >>> index a3dbd45..4ca9077 100644
> >>> --- a/arch/s390/kvm/Kconfig
> >>> +++ b/arch/s390/kvm/Kconfig
> >>> @@ -33,6 +33,7 @@ config KVM
> >>>       select HAVE_KVM_INVALID_WAKEUPS
> >>>       select SRCU
> >>>       select KVM_VFIO
> >>> +    select ZCRYPT  
> >>
> >> I do not think it is a good solution to *always* enable ZCRYPT
> >> when we have KVM.  
> > If CONFIG_ZCRYPT is not selected, then the kvm_ap_apxa_installed() 
> > function will not compile
> > because it calls a zcrypt interface. How would you suggest we make 
> > sure zcrypt interfaces
> > used in KVM are built if CONFIG_ZCRYPT is not selected?  
> 
> if zcrypt is not configured, I suppose that the KVM code initializaing CRYCB
> has no use but the function will be called from KVM.
> So I would do something like:
> 
> #ifdef ZCRYPT
> external definitions.
> #else
> stubs returning error -ENOZCRYPT (or whatever)
> #endif

The kvm code used some kind of detection for crycb before (IIRC it was
for the key-wrapping stuff). I assume that usage is independent of
zcrypt driver usage in the host?

So, I think that apxa detection function should be used to s390
architecture base code and not be conditional on anything.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ